Hi,
I noticed that UDP packets with a checksum of zero (0) make it through the
UDP stack to userland programs. Is there a knob to turn that off?
Offending packet:
08:38:28.035351 45.148.10.91.80 > 5.9.87.75.53: [no udp cksum] 65534+ [1au] ANY
(Class 10531)? .(24) (ttl 241, id 35118, len 52)
0000: 4500 0034 892e 0000 f111 ac47 2d94 0a5b E..4.......G-..[
0010: 0509 574b 0050 0035 0020 0000 fffe 0100 ..WK.P.5. ......
0020: 0001 0000 0000 0001 0000 ff29 2328 0000 ...........)#(..
0030: 0000 0000 ....
My program:
Jul 19 08:38:28 kite delphinusdnsd[78611]: expand_compression() failed
Jul 19 08:38:28 kite delphinusdnsd[48090]: on descriptor 15 interface "5.9.87.75
" malformed question from 45.148.10.91, drop
OpenBSD's counters:
udp:
1556 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
234 with no checksum
Is this normal? Allowing packets with no checksum through makes it so much
easier for level 0 script kiddies. BTW the checksum of zero should be at
offset 0x1A in the dump.
Best Regards,
-peter
